At the Forge - JavaScript, Forms and Ajax

Of course, the program in Listing 3 is fatally flawed in several ways.
The biggest, by far, is the fact that the usernames array is
hard-coded in the JavaScript. It goes without saying that hard-coding
a list of user names in this way is guaranteed to fail, because the list
of users is stored in a database table, and we have not connected the
database with the program.

We could overcome this problem by generating the usernames array
from the database. In other words, our server-side program would
create part of our client-side JavaScript program dynamically. Thus,
instead of what we see in Listing 3:

var usernames = ['abc', 'def'];

we would use a server-side program to do something like the
following:

We would then insert $output into the resulting HTML file, ensuring
that the value of usernames would have the most complete and
up-to-date list of user names in the system.

But even this is likely to cause serious security concerns in a
production application, because it means that every user name in your
system—including those with poorly chosen passwords—will be
available to everyone visiting your registration page, simply by
looking at the HTML source code. Although it is true that every user name
has a password, and that someone would have to guess the password
associated with a user name in order to break into your system, can you
really vouch for the quality of every password? Moreover, the
user names themselves might be clues as to the number or types of users
on your system. In short, you really don't want a production system
to list the user names for a potential attacker, secure as you might
believe your system to be.

There is also an efficiency problem here. As your list of users grows,
the length of the usernames array will grow as well. Can you
imagine the time it would take to generate and download the
JavaScript for a site with 10,000 users?

The solution to all of these problems is, of course, Ajax. Rather than
checking the proposed new user name against an array in our JavaScript
application, we will have JavaScript submit the proposed user name to
the server, find out whether it already has been taken and act
accordingly—all without forcing the user to switch to a different
page of HTML! This is the underlying magic that makes Ajax
applications so compelling; they keep you on the same page longer than
traditional Web applications, thus providing a smoother user
experience.
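As an added illustration (not code from the column), here are the two designs discussed above side by side in JavaScript, runnable under Node: the server-generated usernames array from the earlier section, and the Ajax-style check in which the browser submits one proposed name and the server answers only about that name. The users table is a constructed in-memory Set, and the function names are my own.

```javascript
// Added example, not code from the column. The users table is a constructed
// in-memory Set; a real application would query its database instead.
function normalize(name) {
  // One canonical form, so that "ABC " and "abc" refer to the same account.
  return String(name == null ? '' : name).trim().toLowerCase();
}
function makeUsersTable(names) {
  return new Set(names.map(normalize));
}
// Design 1, as the column describes it: the server generates part of the
// client-side JavaScript and embeds the whole list in the page. JSON.stringify
// gives a valid array literal (a quote in a name cannot break out of it; a
// literal "</script>" in a name would still need HTML-aware escaping), but
// every user name lands in the HTML source and the page grows with the users.
function renderRegistrationPage(users) {
  const usernames = JSON.stringify(Array.from(users));
  return [
    '<script>',
    'var usernames = ' + usernames + ';',
    '</script>',
    '<form><input name="username"></form>'
  ].join('\n');
}
// Design 2, the Ajax check: the browser submits one proposed name and the
// server answers only about that name. The reply names no other user, and its
// size does not depend on how many users exist.
function checkUsername(users, proposed) {
  const name = normalize(proposed);
  if (name.length === 0) {
    return { username: name, available: false, error: 'username is empty' };
  }
  return { username: name, available: !users.has(name) };
}
// What the client-side script does with the JSON it gets back (the DOM update
// itself is left to the page).
function availabilityMessage(response) {
  if (response.error) return 'Please enter a user name.';
  return 'User name "' + response.username + '" is ' +
    (response.available ? 'available.' : 'already taken.');
}
// Constructed 10,000-user site: compare the embedded page to one Ajax reply.
function demoTenThousandUsers() {
  const names = ['abc', 'def'];
  for (let i = 0; i < 10000; i++) names.push('user' + i);
  const users = makeUsersTable(names);
  return {
    pageBytes: renderRegistrationPage(users).length,
    ajaxBytes: JSON.stringify(checkUsername(users, 'Abc ')).length
  };
}
```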

Conclusion

We're making some progress on our way to Ajax heaven. We now have an
application—user registration—for which old-style Web
development provides an answer, but one that feels clunky to the
user. The solution we saw in this month's column works well, but
requires that the JavaScript contain a usernames array with all
user names on the system. For performance and security reasons, this
is a bad idea, and we should look for a different solution. Next month,
we will start to look at a genuine Ajax solution to this problem,
making our application look and feel smoother, while increasing its
security as well.

Books on Ajax and JavaScript

In working on these columns, I have found several good books on the
subject of HTML, JavaScript, Ajax and related technologies.

The two most comprehensive books on the subject are O'Reilly's
JavaScript: The Definitive Guide by David Flanagan and Dynamic HTML:
The Definitive Reference by Danny Goodman. There is a fair
amount of overlap between these two books, and they are definitely
meant to be reference books rather than tutorials. That said,
experienced Web developers interested in learning about client-side
programming probably will learn a great deal from these
books. And once you're experienced, you will undoubtedly use these
two books often, checking everything from the cross-platform
compatibility of various JavaScript objects to how JavaScript
interfaces with the DOM.

Newer and less experienced Web developers would probably do well to
start with a gentler introduction to these technologies. One of the
best, and funniest, that I've seen is O'Reilly's Head Rush Ajax by
Brett McLaughlin. My one criticism is touted as one of the book's
strengths—namely, that it presents the same information in many
different ways to ensure that you will remember it. The book might
be a bit annoying for experienced Web developers who will want
to get to the meat more quickly, and who might be frustrated by the
repetition. Nevertheless, I think that this is a worthwhile read for
anyone starting in the Ajax world.

A middle-of-the-road book that might appeal to more experienced Web
developers, while providing a tutorial and introduction to many
JavaScript concepts described here, is Professional JavaScript for
Web Developers by Nicholas Zakas and published by Wrox. I didn't
like the way in which Zakas used his own (freely available) JavaScript
library throughout the book, but I did think that the examples and
explanations were carefully chosen and interesting, and they also helped to
illuminate some of the shadier sides of JavaScript. Zakas contributed
to another Wrox book, Professional Ajax by Zakas, Jeremy McPeak
and Joe Fawcett, which I found to be less integrated and less
enjoyable than either the JavaScript book or the Head Rush Ajax
book from O'Reilly.

Reuven M. Lerner, a longtime Web/database consultant, is a PhD
candidate in Learning Sciences at Northwestern University in Evanston,
Illinois. He currently lives with his wife and three children in Skokie,
Illinois. You can read his Weblog at
altneuland.lerner.co.il.

Hi,
This is a very good post, but I wonder if you can help with the one
that works with MySQL, especially in the case of records that have
long titles.
E.g., when someone is posting articles, the Ajax will check its title
(which may be long) and find in the data whether some really similar
articles exist with that title, so the poster does not make a double
post.
If you have any solution, please PM or mail me on Yahoo: binhaus.
Thanks,
kind regards
